Manufacturing arguably offers a larger attack surface than almost any other industry with regard to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware and data theft – you name it, they’ve seen it. But these ‘everyday’ attacks and the associated losses are only the tip of the iceberg when it comes to what could potentially happen in the future.
Manufacturing plants relying on real-time operation, accuracy and reliable quality of work leverage IoT, SCADA (Supervisory Control and Data Acquisition) systems and Industrial Internet of Things (IIoT) in addition to traditional networks to ensure operations run seamlessly. A cyberattack causing disruption to either SCADA or IIoT could significantly affect the company’s bottom line – not to mention give competitors an advantage while the threat is being mitigated.
Take automobile assembly: these plants have become larger, faster and more reliant on on-time part delivery and automated systems to maintain the levels of quality required to build the complex cars that we drive today. Fiat Chrysler announced plans to commit $4.5 billion for a manufacturing expansion that will include a new Jeep assembly plant. This is exciting news for Detroit – the Motor City – but raises the question: how should new factories approach cybersecurity to ensure that immediate operations are secured while also preparing for future threats?
• Think ahead. Industrial IoT (IIoT) is a powerful technology that complicates any manufacturing security strategy. IIoT devices may spread across multiple plants, share between locations, use data in the cloud and be managed by consoles on the corporate network, which also have access to cloud data. This makes it harder to map the complete attack surface for an IIoT environment. The best way to provide security across IIoT is to design it in from the start of the deployment. This way, it is always a consideration and any gaps in security are likely to become visible in testing before causing issues in a live deployment.
• Understand what you have and what it does. Knowing what is connected to the network is essential in developing a solid security posture. Every connected device, from the largest manufacturing plant to the smallest sensor, needs to be accounted for and understood. From here, a network-level security posture can be established that enables rogue connected assets to be identified and removed quickly in the case of a suspected breach.
• Know who (or what) has access. This may sound simple, but strict levels of authentication and authorization need to be in place to ensure data integrity and prevent data from being stolen. Usernames and passwords are not enough; consider biometrics, token-based and other two-factor authentication methods to strengthen security. It is also important to regularly review and maintain the user database to prune users who have left the organization and to ensure users with changed roles retain the correct levels of access.
• Start at the edge. It is not always possible to protect each and every device on the network. In the case of IIoT, the device could be a real-time plant where security could affect latency and slow performance, or a tiny sensor that does not have the compute resources for a security layer to be added. However, successful security solutions do not have to be added to each and every endpoint. Successful security should be designed to provide a wrapper for as many devices as possible to offer the broadest protection. This means that the best place to start is at the edge. Implement a gateway solution to create a segregated network for IIoT, keeping it separate from other corporate computing resources. As a result, any data transfer between IIoT and the rest of the network can be encrypted and controlled by the more modern gateway, ensuring a level of security that may not have otherwise been available.
• Avoid common missteps. First, legacy solutions come with legacy management. When we’re talking about risk and security, speed is of the essence: being able to react quickly when a threat occurs is key to effective mitigation. This is just not possible if there are a myriad of different management solutions in place, as the challenge moves from ‘spot a needle in a haystack’ to ‘spot a needle across multiple haystacks’. Second, it’s easy to want to “fix” this with a custom management solution to cover all areas of the IIoT deployment. This may seem like a good idea at the outset, but there are going to be areas of compromise in an umbrella management solution, and areas of compromise can open up devices and data to become areas of risk.
The security challenges SCADA and IIoT present may seem more complex at a glance, but they are actually not all that different from the challenges that any enterprise business encounters on a daily basis: keep threats out, know what is on the network and who has access, and react fast when a breach occurs. This means that the team responsible for SCADA and IIoT security can learn a lot from their co-workers securing the corporate enterprise network – in fact, by working together, these teams can ensure better security across the whole enterprise environment, and that can only be good for business.